Analysis
max time kernel: 38s
max time network: 41s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 21/11/2022, 20:41

Static task: static1

Behavioral task: behavioral1
  Sample: 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe
  Resource: win10v2004-20220901-en
General
Target: 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe
Size: 1.0MB
MD5: 847a5cd9659d36db185213d4457ccafe
SHA1: dca7352e6dcb469017d6730687fb7d4c0233368a
SHA256: 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc
SHA512: c77ac0129fff489a6001496213c5e54ba71f9da23e6d02cb429773c38b7bff95511fa29bc06d6e420d185013ca2cb34c9ecc9217249c259aa4912e734f05a753
SSDEEP: 24576:oJ0FPl0XoDnqgEdhlaCT3xXGHRXjEuuMjM4jm6dVriAUli8WXHXlps:oWFPaXGalaCTt8XjwoGji8D
Malware Config

Signatures

Suspicious use of SetThreadContext (1 IoCs)
| description                          | pid  | Process                                                                  | procid_target |
|--------------------------------------|------|--------------------------------------------------------------------------|---------------|
| PID 1712 set thread context of 1720  | 1712 | 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe  | 26            |

Modifies Internet Explorer settings
| description | ioc                                                                                                            | Process                                                                  |
|-------------|----------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------|
| Key created | \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main          | 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe  |

Suspicious use of SetWindowsHookEx (5 IoCs)
| pid  | Process                                                                  |
|------|--------------------------------------------------------------------------|
| 1720 | 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe  |
| 1720 | 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe  |
| 1720 | 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe  |
| 1720 | 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe  |
| 1720 | 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe  |

Suspicious use of WriteProcessMemory (11 IoCs)
| description                          | pid  | Process                                                                  | procid_target |
|--------------------------------------|------|--------------------------------------------------------------------------|---------------|
| PID 1712 wrote to memory of 1720     | 1712 | 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe  | 26            |
| PID 1712 wrote to memory of 1720     | 1712 | 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe  | 26            |
| PID 1712 wrote to memory of 1720     | 1712 | 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe  | 26            |
| PID 1712 wrote to memory of 1720     | 1712 | 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe  | 26            |
| PID 1712 wrote to memory of 1720     | 1712 | 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe  | 26            |
| PID 1712 wrote to memory of 1720     | 1712 | 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe  | 26            |
| PID 1712 wrote to memory of 1720     | 1712 | 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe  | 26            |
| PID 1712 wrote to memory of 1720     | 1712 | 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe  | 26            |
| PID 1712 wrote to memory of 1720     | 1712 | 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe  | 26            |
| PID 1712 wrote to memory of 1720     | 1712 | 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe  | 26            |
| PID 1712 wrote to memory of 1720     | 1712 | 16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe  | 26            |
Processes

C:\Users\Admin\AppData\Local\Temp\16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe"
  PID: 1712
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory

    C:\Users\Admin\AppData\Local\Temp\16c3e8fd3ae3a6ff350a9909512635998c8ef830c6bd5ba82970d9722189c4bc.exe
      PID: 1720
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx